Ca: RBC client sees others’ private data online

An alert reader from north of the border sends in this one.

Ellen Roseman reports:

Ava Wong had her identity stolen in 2008. She spent the next year trying to get her financial life in order again.

So, she was upset to log into her RBC banking account last month and find someone else’s confidential information there.

“On Nov. 27, I discovered that all the line of credit statements belonging to a couple in Saskatoon had been linked to my client profile,” she said.

“I was able to see every statement belonging to their RBC Homeline Plan, starting from July 2007, when they first opened the account.”

She reported the incident to a senior account manager that day. On Nov. 30, she followed up to say she could still see the information.

[…]

Matt Gierasimczuk, an RBC spokesman, quickly responded to my inquiries. He set up a conference call with Jeff Green, RBC’s chief privacy officer and vice-president of global compliance.

Green said a processing error, involving an automated systems fix, had led to a privacy breach that affected four clients in total. He was made aware of the problem when it was reported to the customer care centre.

RBC notified the clients whose information was disclosed in error, he said, adding that Wong’s data was not seen by another client.

Companies aren’t required to report privacy incidents to the affected people or to the Office of the Privacy Commissioner of Canada (OPC).